Using Windows Remote Desktop Over SSH Tutorial
A Tutorial by Mark DeCheser
Written 2005/05/08
http://www.decheser.org

Introduction:

Before I even understood what SSH is and what it does, I was using the Windows Remote Desktop client to connect to my servers at work. I was pretty naive in assuming that, because Microsoft shipped it, the connection was safe. The session is encrypted, but the client has no way to verify that it is talking to the real server, so anyone who can get between you and the server can intercept the session and your logon credentials. Furthermore, port 3389, the default port Windows RDP uses, is a notorious target on Windows servers run by unaware admins: anything listening there on the Internet is constantly scanned and subjected to password guessing. I closed the port on my firewall and haven't looked back since.

As a result, I tended to use my Linux servers for more of my web hosting needs whenever possible because of the benefits of SSH. Recently, a security expert who was hired to perform penetration testing suggested using Windows RDP over SSH. I didn't know such a thing was possible. But I'm happy to report that it is!

Now I'm able to connect to my Windows servers from home without exposing RDP to the Internet at all. Follow the steps in this tutorial and you'll have your RDP-over-SSH session running in no time.

Assumptions:

To keep this tutorial simple, it's assumed (and required) that you already have an SSH server running on your Windows server. I suggest using either Cygwin's OpenSSH or OpenSSH for Windows. You'll also need PuTTY, a free Telnet/SSH client for Windows, on the machine you connect from.

It's also assumed that you have created an account on your Windows server for the SSH login to use. Some familiarity with PuTTY is helpful as well.

It is worth mentioning that some Windows-based SSH server software apps are subject to periodic security compromises, so it's important to ensure your SSH server is running the latest and greatest tested builds.

And finally, it's assumed that the SSH service is running on your Windows server when you attempt to connect.

Instructions:

If you're using a platform other than Windows XP SP2, skip steps 1 & 2.

Connect using Windows XP Service Pack 2

When Microsoft released SP2 for Windows XP, they changed the TCP/IP stack so that only 127.0.0.1 is usable as a loopback address, rather than the whole 127.0.0.0/8 block that the RFCs reserve for loopback. They later released a post-SP2 patch that makes the entire 127.0.0.0/8 range addressable again. You need that patch on your Remote Desktop client machine because the tunnel below listens on 127.0.0.2: the Remote Desktop client refuses to connect to 127.0.0.1, since it treats that as the computer you are already sitting at, so a different loopback address has to be used.

1) Download and apply the KB824684 patch from Microsoft on your Remote Desktop client machine.
2) Restart the client machine.
3) When your RD client is restarted, launch PuTTY and begin to define a new session. Name it RDPoverSSH or whatever.
4) For the hostname, enter the SSH server's DNS name or IP address (for example www.decheser.org or 192.168.40.10), not a URL.
5) Expand Connection -> SSH and select Tunnels. Under Port Forwarding, enter [ 127.0.0.2:3390 ] in the Source port field. This is the address and port PuTTY will listen on, on your client machine.
6) Under Destination, enter [ 127.0.0.1:3389 ]. The destination is resolved by the SSH server, not by your client, so 127.0.0.1 here means the Windows server itself: the last hop from the SSH daemon to the RDP service never leaves that machine, and port 3389 can stay closed on the firewall. The server's own address, e.g. [ 192.168.40.10:3389 ], works too, as long as it is the address of the machine running the SSH server; pointing it at a different host would send RDP across the network unprotected for that last hop.
7) Ensure that the Local radio button is selected and that "Local ports accept connections from other hosts" is left unchecked, so the forwarded port is reachable only from your own machine, then click the Add button. Your entry will appear in the Forwarded Ports field.
8) Click on Session at the top left of your PuTTY config category. Click the Save button to save your configurations to this defined session.

Now you're ready to start the SSH session to the remote Windows RDP server.

9) Start a connection to the Windows server using PuTTY on your RD client by double clicking the saved session name in your list, or selecting it and clicking the Open button. The first time you connect, PuTTY shows the server's SSH host key fingerprint and asks whether to trust it. Compare it with the fingerprint of the host key on the server itself (run ssh-keygen -l on the host key file at the server's console, not over the network) before accepting: if you accept a key you haven't checked, a man in the middle can sit inside your tunnel just as easily as in a plain RDP session.
10) Log in to your Windows SSH server with the credentials of the account you created for SSH on that server.
11) Ensure that you have logged in successfully. You can then minimize the PuTTY window on your RD client, but don't close it: closing the SSH session tears down the tunnel and drops any RDP session running through it.

Now you're ready to start your Remote Desktop session.

12) Launch your Remote Desktop Connection client.
13) Simply enter [ 127.0.0.2:3390 ] in the Computer field and click connect.
14) If everything is configured correctly, you will establish an RDP session and you'll be prompted to authenticate just as if you were using Windows Remote Desktop in its default state.
15) Success!
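The whole procedure above, scripted, as an added example that is not part of the original tutorial: it builds the same local forward with plink.exe (PuTTY's command-line sibling) instead of the PuTTY GUI, waits for the local end of the tunnel to come up, hands it to mstsc.exe, and tears the tunnel down when the RDP session ends. It assumes a client on which 127.0.0.2 is usable (Windows XP SP2 with the patch above, or any later Windows), PuTTY 0.63 or later for the -hostkey switch, and key-based SSH authentication. $SshHost, $SshUser, $KeyFile and $HostKey are placeholders to replace with your own values; the fingerprint in particular must come from the server's own console, not from an unverified PuTTY prompt.

```powershell
# Added example, not from the original tutorial.  Hypothetical values, replace them:
#   $SshHost, $SshUser  - the Windows server running the SSH daemon and the SSH account on it
#   $KeyFile            - your PuTTY-format (.ppk) private key for that account
#   $HostKey            - the server's host-key fingerprint, read at the server's console
#                         (ssh-keygen -l on its host key file), not copied from a prompt
$SshHost    = "192.168.40.10"
$SshUser    = "rdpuser"
$KeyFile    = "$env:USERPROFILE\rdp-tunnel.ppk"
$HostKey    = "SHA256:replace-with-the-real-fingerprint"   # placeholder, not a real key
$ListenIp   = "127.0.0.2"   # must not be 127.0.0.1: mstsc refuses to connect to that
$ListenPort = 3390
$RdpPort    = 3389

# Forward spec: listen-addr:listen-port:dest-host:dest-port.  The destination is
# resolved by the SSH server, so 127.0.0.1 means the server itself: the RDP hop
# never leaves that machine and 3389 can stay closed on the firewall.
$Forward = "{0}:{1}:127.0.0.1:{2}" -f $ListenIp, $ListenPort, $RdpPort

# -N       tunnel only, no remote shell
# -batch   never wait for interactive input, so a wrong host key or a failed key
#          login aborts instead of hanging (this also rules out password prompts;
#          use the key file, or Pageant)
# -hostkey accept only this fingerprint; without it the first connection trusts
#          whatever key is offered, which is the same man-in-the-middle exposure
#          the tunnel is meant to remove
$PlinkArgs = @("-ssh", "-N", "-batch", "-i", $KeyFile,
               "-hostkey", $HostKey, "-L", $Forward, "$SshUser@$SshHost")
$Tunnel = Start-Process -FilePath "plink.exe" -ArgumentList $PlinkArgs -NoNewWindow -PassThru

# Poll until something accepts connections on the local end of the tunnel.
# Each probe opens (and immediately closes) one RDP connection through it.
function Wait-ForListener {
    param([System.Diagnostics.Process]$Proc, [string]$Ip, [int]$Port, [int]$TimeoutSec = 20)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if ($Proc.HasExited) { return $false }   # plink gave up: bad key, host key mismatch, ...
        $probe = New-Object System.Net.Sockets.TcpClient
        try {
            $probe.Connect($Ip, $Port)
            return $true
        } catch {
            Start-Sleep -Milliseconds 500
        } finally {
            $probe.Close()
        }
    }
    return $false
}

if (-not (Wait-ForListener -Proc $Tunnel -Ip $ListenIp -Port $ListenPort)) {
    if (-not $Tunnel.HasExited) { Stop-Process -Id $Tunnel.Id }
    throw "SSH tunnel to $SshHost did not come up; see plink's output above."
}

# Point the Remote Desktop client at the local end of the tunnel.  The RDP logon
# that follows travels inside the SSH session.
Start-Process -FilePath "mstsc.exe" -ArgumentList ("/v:{0}:{1}" -f $ListenIp, $ListenPort) -Wait

# The RDP session is over; take the tunnel down with it.
if (-not $Tunnel.HasExited) { Stop-Process -Id $Tunnel.Id }
```

Run it from a PowerShell prompt with plink.exe on the PATH. If plink exits immediately, the script aborts rather than launching mstsc against a dead port; the usual causes are a fingerprint that does not match (which is exactly what you want to happen if the server has been swapped out under you) or a key the server does not accept.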

Conclusion:

I hope these instructions have been helpful to you. If you have any comments or suggestions on how this process can be simplified, please let me know by e-mailing mark@nospamplzkthx_dechese.org

Sources:

- KB824684 - Microsoft Support
- Webservertalk.com Archive